An angry mob of tech enthusiasts this week started wielding pitchforks in response to a perceived security threat in Google’s Chrome browser. Discovered by Elliott Kember, the flaw seemingly gives anyone easy access to your saved passwords—banks, Facebook, etc.—with minimal effort involved. Google’s Chrome security team has already responded by saying it’s not going to change its current implementation.
By going to chrome://settings/passwords in the Chrome browser, you’ll see a list of your saved passwords and what sites they’re associated with. Passwords are obscured at first glance, but if you hover over one, a “Show” button will appear; pressing it will then reveal that password—it’s that simple. People are understandably perturbed with Google’s lack of security, though Google is less concerned.
According to the search giant’s Justin Schuh, the current solution doesn’t have any further security measures because it would mostly be for show. “We’ve found that boundaries within the OS user account aren’t reliable,” Schuh said. Google’s solution: Don’t give anyone you don’t trust access to your Chrome account. Beyond that, the company says its current security for Chrome took years of evaluation, and any other suggested measures—like a master password—would do more harm than good.
I personally have zero saved passwords in Chrome, so this isn’t an issue I can relate with. But it’s clear why people are concerned. The only way you can guarantee—at least for now—absolute safety is not to let any sketchy individuals have access to your Chrome account. If that means saying “no” to a friend of a friend that wants to check his or her Facebook on your laptop, then oh well.